On 02.11.22 20:44, Jochen Kellner via FreeIPA-users wrote:
Hello Ronald,
Ronald Wimmer via FreeIPA-users <[email protected]>
writes:
On 02.11.22 18:20, Rob Crittenden via FreeIPA-users wrote:
Ronald Wimmer via FreeIPA-users wrote:
In order to integrate our AIX clients we do have to take two steps
manually:
1) Enrolling the host
2) Fetching the keytab file for this particular host
A quick search in the WebGUIs API browser revealed a host_add method but
I cannot find a method for fetching a keytab file. Did I miss something
here?
There is no IPA API to retrieve a keytab[1]. You should use
ipa-getkeytab.
There is no ipa-getkeytab on AIX. So I need to fetch an IPA client's
keytab from LDAP, right?
I'd do the following:
1. Enroll the host in freeipa:
ipa host-add aix.example.org --ip-address=192.168.30.x
2. Allow my user to create a keytab:
ipa host-allow-create-keytab aix.example.org --users=jochen
3. get the keytab:
ipa-getkeytab -p host/aix.jochen.org -k aix.keytab
Keytab successfully retrieved and stored in: aix.keytab
4. Transfer the keytab to the AIX host
Thanks Jochen! I am trying to automate these steps. AIX colleagues are a
separate team and do not have the possibility to use ipa commands on a
linux machine at the moment.
What I need is a possibility to enroll a host and fetch its keytab
comlpletely without ipa commands and manual interaction so that the AIX
guys can do that themselves.
Cheers,
Ronald
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
